Method and arrangement for secure communication between network units in a communication network

ABSTRACT

The invention relates to a first network unit (See) which comprises a secure hardware component (HK) for saving and running software. A second network unit (P) comprises a secure software component (SK) for saving and running software. A method for secure communication comprises: saving a first common secret, a first algorithm and a second algorithm on the network units; sending a first date from the second network unit to the first network unit; running the first algorithm on the first network unit and on the second network unit wherein the input is in each case formed by the second common secret and the first date; sending of a second date from the first network unit to the second network unit; running the second algorithm on the first network unit and on the second network unit; wherein the input is formed in each case by the second common secret and the second date; and use of the third common secret for a secure communication.

The present invention relates to a method and arrangement for secure communication between network units in a communication network.

It is often desirable to protect software that is to be run on an insecure network unit, such as, for example, an insecure hardware platform, against external attacks. An insecure hardware platform, such as, for example, a universal computer consisting of standard components, has no countermeasures against external attacks of this type on software running on the platform. External attacks aim, for example, to obtain information on the running software or to manipulate the software.

There are different approaches to implementing measures on an insecure hardware platform which meet specific security requirements for the running software.

If the relevant hardware platform cannot be extended or modified, all measures to protect the software must be achieved by extending the existing software. Known means are, for example, the technique of obfuscation or white-box cryptography, which enable the mode of operation and data content of software running on the hardware platform to be concealed from an attacker. However, these techniques are fraught with the risk that the mode of operation can nevertheless be analyzed and cracked by an attacker.

If the hardware platform can be extended or modified, the use of suitable secure network units, such as, for example, secure modules, is appropriate.

Secure modules are, for example, secure memory modules, trusted platform modules (TPMs) or SmartCard controllers (also known as security controllers). By means of modules of this type, it is possible, for example, to store secret data material securely and in non-readable form, and to implement cryptographic algorithms securely, for example, resistant to side-channel attacks.

However, the use of secure hardware modules brings with it the disadvantage that further problems may arise due to additionally necessary communication between the insecure platform and the secure hardware modules. For example, an attacker could monitor the communication interface between the insecure platform and a secure module and analyze the respective data traffic.

A confidential and authentic communication between an insecure hardware platform and a secure module has therefore hitherto been difficult to ensure.

The object of the present invention is therefore to produce an improved secure communication between network units.

Accordingly, a method is proposed for secure communication between a first network unit and a second network unit in a communication network. The first network unit comprises at least one secure hardware component for the secure storage and secure running of software. The second network unit comprises at least one secure software component for the secure storage and secure running of software. The method has the following steps:

-   a) storage of a first common secret, a first algorithm and a second     algorithm on the first network unit using the secure hardware     component and on the second network unit using the secure software     component; -   b) transmission of a first datum from the second network unit to the     first network unit; -   c) running of the first algorithm on the first network unit using     the secure hardware component and on the second network unit using     the secure software component for the respective provision of a     second common secret, wherein the input for the first algorithm is     formed in each case by the first common secret and the first datum; -   d) transmission of a second datum from the first network unit to the     second network unit; -   e) running of the second algorithm on the first network unit using     the secure hardware component and on the second network unit using     the secure software component for the respective provision of a     third common secret, wherein the input for the second algorithm is     formed in each case by the second common secret and the second     datum; and -   f) use of the third common secret by the first network unit and the     second network unit for a secure communication between the first     network unit and the second network unit.

Here, the term “software” comprises executable programs and the associated data and forms the complement to the term “hardware”, which comprises the physical components of a network unit.

The first datum and the second datum may in each case be transmitted in clear text, i.e. without encryption.

The method allows a secure and authentic communication between two network units such as, for example, an insecure hardware platform and a secure module. It is possible to form the common secrets that are used for each pair of first and second network units differently so that a potential attacker cannot transfer the results of an analysis relating to an insecure network device onto a different insecure network device.

The method enables the communication channel between an insecure platform and a security controller to be protected in a flexible manner against attacks on confidentiality and authenticity. This is achieved with minimal outlay and minimal costs.

In embodiments of the method, a repetition of steps d) and e) is carried out for an update of the third common secret according to a predefinable rule.

In this way, the third common secret may, for example, be changed at regular intervals in order to hinder a potential attack on a communication channel between the first and second network units.

The second datum is advantageously changed for each repetition of steps d) and e).

In further embodiments of the invention, the first network unit refuses a further communication with the second network unit if the updating of the third common secret due according to the predefinable rule does not take place.

This represents a further improvement in the secure communication between the network units, since, in the case of a successful attack, a possibly corrupted third common secret is no longer usable for an attacker due to the updating that is absolutely essential for a further communication.

In further embodiments, the predefinable rule comprises a trigger, wherein the trigger is activated by the expiry of a predefinable time period.

In further embodiments, the predefinable rule comprises a trigger, wherein the trigger is activated by a reaching of a predefinable data volume exchanged between the first network unit and the second network unit.

In further embodiments, the predefinable rule comprises a trigger, wherein the trigger is activated after each use of the third common secret by the first network unit or the second network unit.

The updating of the third common secret after each use is, for example, advantageous in the case of semantically very simple data to be transmitted which can assume only a small number of different values, for example “0/1” or “Yes/No”. Data of this type may easily be derived by an attacker if the same third common secret is used over a lengthy period for the secure communication.

If the third common secret is changed regularly, an attacker can analyze the communication for a short time period only, and can use the results at most until the third common secret is changed.

In further embodiments, the first datum and/or the second datum is a random number, a platform-individual datum or a serial number.

The use of a platform-individual datum or serial number enables a platform-individual communication which hinders a potential attacker from drawing conclusions relating to other platforms from the analysis of the communication of one platform.

In further embodiments, the first common secret and/or the second common secret and/or the third common secret are formed by two communication keys, wherein the two communication keys comprise a confidentiality key and an authenticity key.

In further embodiments, the second network unit is a universal computer.

A universal computer is, for example, a calculator or computer which is formed from standard components which do not necessarily need to be secured.

In further embodiments, the secure hardware component is formed by a security module protected against unauthorized access.

A security module is, for example, a trusted platform module. Security modules of this type are commercially available in large numbers.

In further embodiments, the secure software component is formed by code obfuscation, white-box cryptography and/or measures to protect against debugging attacks.

A protection against debugging attacks serves to protect against attacks on the software and/or the associated data in runtime by means of debuggers. Debuggers are software tools which enable access to running programs and their data in the memory of a computer.

In further embodiments, the first network unit is designed as a security controller, also known as SmartCard controller.

In further embodiments, the security controller is designed as a passive component.

The term “passive” means that the security controller responds only to requests from the insecure platform and can send the second datum for a key update.

Furthermore, a computer program product is proposed which initiates the performance of at least one step of the method described above on a program-controlled unit.

A computer program product such as a computer program means may, for example, be provided or supplied, for example, as a storage medium, such as a memory card, a USB stick, a CD-ROM, a DVD or in the form of a downloadable file from a server in a network. This can be effected, for example, in a wireless communication network through the transmission of a corresponding file with the computer program product or the computer program means.

Furthermore, a data medium is proposed with a stored computer program with commands which initiates the performance of at least one step of a corresponding method on a program-controlled unit.

Furthermore, an arrangement is proposed with a first network unit and a second network unit in a communication network. The first network unit comprises at least one secure hardware component for the secure storage and secure running of software, and the second network unit comprises at least one secure software component for the secure storage and secure running of software. The secure hardware component is configured for the secure storage of a first common secret, a first algorithm and a second algorithm on the first network unit. The secure software component is configured for the secure storage of the first common secret, the first algorithm and the second algorithm on the second network unit. The arrangement furthermore has a first transmit means which is configured for the transmission of a first datum from the second network unit to the first network unit. The secure hardware component is configured for the secure running of the first algorithm on the first network unit. The secure software component is configured for the secure running of the first algorithm on the second network unit. Both serve for the respective provision of a second common secret, wherein the input for the first algorithm is formed in each case by the first common secret and the first datum. The arrangement furthermore has a second transmit means which is configured for the transmission of a second datum from the first network unit to the second network unit. Furthermore, the secure hardware component is configured for the secure running of the second algorithm on the first network unit. The secure software component is configured for the secure running of the second algorithm on the second network unit. Both serve for the respective provision of a third common secret, wherein the input for the second algorithm is formed in each case by the second common secret and the second datum. Furthermore, the arrangement has communication means which are configured for the use of the third common secret by the first network unit and the second network unit for a secure communication between the first network unit and the second network unit.

The cryptographic means, the first and second transmitter means and the communication means can be implemented via hardware and/or software. In the case of a hardware implementation, the respective means can be designed as a device or as part of a device, for example as a computer or as a microprocessor. In the case of a software implementation, the respective means can be designed as a computer program product, as a function, as a routine, as part of a program code or as an executable object.

Further possible implementations of the invention also comprise combinations, not explicitly specified, of method steps, features or embodiments of the method or the arrangement described above or below in relation to the example embodiments. Here, the person skilled in the art will also add or modify individual aspects as improvements or supplements to the respective basic form of the invention.

The characteristics, features and advantages of this invention described above, and the manner in which these are achieved, will become clearer and more readily understandable in connection with the following description of the example embodiments which are explained in detail in connection with the drawings.

In the drawings:

FIG. 1 shows a schematic view of an example embodiment of an arrangement with a first network unit and a second network unit in a communication network; and

FIG. 2 shows a schematic flow diagram of an example embodiment of a method for secure communication between a first network unit and a second network unit in a communication network.

In the figures, identical or functionally identical elements are denoted with the same reference numbers, unless otherwise indicated.

FIG. 1 shows a schematic view of a first example embodiment of an arrangement 1 with a first network unit Sec and a second network unit P in a communication network. A communication connection, which is shown in FIG. 1 by a dotted line, exists between the first network unit Sec and the second network unit P. Further components of the communication network are not shown in FIG. 1. for the sake of better readability.

The second network unit P is a universal computer comprising standard components and is therefore an unprotected or insecure platform, whereas the first network unit Sec is a security controller, i.e. a protected or secure platform.

The security controller Sec comprises a secure hardware component HK for the secure storage and secure running of software, and the insecure platform P comprises a secure software component SK for the secure storage and secure running of software. Due to the secure software component SK, software, i.e. a program and its data, are protected in adequate form on the insecure platform against debugging attacks, as a result of which a fast readout of the communication keys GS, PS and KE, KA which are then used is not possible for an external attacker on the insecure platform.

The secure hardware component HK is configured for the secure storage of a first common secret GS and for the secure running of a first algorithm A1 and a second algorithm A2 on the security controller Sec. The secure software component SK is configured for the secure storage of the first common secret GS and for the secure running of the first algorithm A1 and the second algorithm A2 on the insecure platform P.

Both the security controller Sec and the insecure platform P thus comprise corresponding means for the secure storage of the first common secret GS and for the secure running of the first algorithm A1 and the second algorithm A2. This serves for the respective provision of a second common secret PS.

The insecure platform P furthermore comprises a first transmit means S1 for the transmission of a first datum SD, for example a serial number stored on the insecure platform P or a hardware address, to the security controller Sec.

The security controller P comprises a second transmit means S2 for the transmission of a second datum R, for example a random number, to the insecure platform P.

Furthermore, the secure hardware component HK and the secure software component SK are configured for the secure running of the second algorithm A2. This serves for the respective provision of a third common secret KE, KA.

Both the security controller Sec and the insecure platform P comprise a communication means K1, K2 for the use of the third common secret KE, KA for a secure communication with one another.

FIG. 2 shows a schematic flow diagram of an example embodiment of a method for secure communication between the security controller Sec and the insecure platform P.

In a first step 201, the first common secret GS, the first algorithm A1 and the second algorithm A2 are stored on the security controller using the secure hardware component HK and on the insecure platform P using the secure software component SK.

A common secret GS, which may, for example, be a cryptographic key in the form of two communication keys KE, KA, is thus stored on the insecure platform P and on the security controller Sec. This common secret GS is identical for all platforms. This secret GS cannot be read out on the security controller Sec, since the security controller Sec comprises, for example, a secure, non-readable memory. The common secret GS is protected on the insecure platform P by suitable means, for example using code obfuscation or through white-box cryptography, i.e. through the integration of the secret GS into a cryptographic algorithm which is implemented by means of white-box techniques.

In a second step 202, the serial number SD is transmitted from the insecure platform P to the security controller Sec.

The second step 202 is also referred to as initial pairing.

In a third step 203, the first algorithm A1 is run on the security controller Sec using the secure hardware component HK and on the insecure platform P using the secure software component SK for the respective provision of the second common secret PS, wherein the input for the first algorithm A1 is formed in each case by the first common secret GS and the serial number SD.

A platform-individual secret PS is therefore derived in each case with the same algorithm A1 using the platform-individual serial number SD on both the insecure platform P and the security controller Sec. The datum SD, here the serial number, can be transmitted in clear text to the security controller Sec. The algorithm A1 must be protected on the insecure platform P, for example through obfuscation or white-box cryptography.

The security controller Sec requires a key update of the communication keys KE, KA at regular intervals. For this purpose, in a fourth step 204, the random number R is transmitted from the security controller Sec to the insecure platform P.

In a fifth step 205, the second algorithm A2 is run on the security controller Sec using the secure hardware component HK and on the insecure platform P using the secure software component SK for the respective provision of the third common secret KE, KA, wherein the input for the second algorithm A2 is formed in each case by the second common secret PS and the second datum R.

In this way, new communication keys KE, KA comprising a confidentiality key KE and an authenticity key KA are calculated from the random number R and the platform-individual key PS. The random number R can again be transmitted in clear text to the insecure platform P. The algorithm A2 must again be protected on the insecure platform P through code obfuscation or white-box cryptography.

The fourth step 204 and the fifth step 205 represent a secret update or key update of the communication keys. The secret update is preferably carried out at regular intervals in order to hinder an attack by an external attacker.

The insecure platform P is intended to be forced to carry out a key update at regular intervals. This process cannot be instigated by the security controller Sec if a purely passive module is involved. Rules are therefore defined which unambiguously clarify for both sides, i.e. for the security controller Sec and the insecure platform P, when a key update of this type is to be carried out. This may be the case, for example, once a specific data volume transmitted between the security controller Sec and the insecure platform P has been attained or at the end of a pre-definable time period.

In the absence of a key update due according to a rule, the security controller Sec refuses any further communication with the insecure platform P.

In a sixth step 206, the third common secret KE, KA is used by the security controller Sec and the insecure platform P for a secure communication with one another. The sixth step 206 comprises any number of communication processes between the security controller Sec and the insecure platform P, wherein, as explained above, a key update according to steps 204 and 205 is undertaken at regular intervals in order to further increase the security of the method.

Step 202 is used in order to enable a platform-individual communication. This measure hinders attackers from drawing conclusions relating to other platforms from the analysis of the communication of one platform.

Steps 204 and 205, i.e. the regular key update, are used in order to hinder the analysis of the communication by an attacker. Since the communication keys are regularly changed, an attacker can analyze the communication for a short time period only and can use the results at most until the keys are changed.

Step 202 cannot be replaced by the transmission of a random number R2 from the security controller Sec to the insecure platform P. It would then be possible for an attacker to observe this random number on a platform and load it onto further (insecure) platforms during the pairing process. The security controller Sec from which the random number R2 was transmitted could then be used as a server for different insecure platforms, since all platforms would then know the same platform-individual key PS.

An example of the selection of the algorithms A1 and A2 is shown below.

The common secret GS and the common secret PS are stored on the insecure platform P by means of a symmetric block cipher E protected through white-box cryptography. The symmetric block cipher protected through white-box cryptography thus represents the secure software component SK on the insecure platform P.

The individual steps for the algorithms A1 and A2, including the key deposition or key storage on the insecure platform P and the security controller Sec are as follows:

-   1. GS must be protected in a suitable manner by means of an     irreversible transformation T. GS is therefore stored on the     insecure platform P in the form of T(GS). -   2. The symmetric block cipher E inverts the transformation T, for     example through white-box implementation, on the key GS, after which     the actual key derivation takes place, and the result is again     stored following a transformation with T:     -   PS is derived by means of PS=E(T⁻¹(GS), SD). T (PS) is stored on         the insecure platform P. -   3. In order to generate the communication keys KA and KE, the     security controller Sec generates two random numbers R1 and R2.     These are again encrypted using the symmetric algorithm A2, and the     cipher texts are used as the two communication keys KE, KA:     -   KE is derived by means of KE=E(T⁻¹(PS), R1).     -   KA is derived by means of KE=E(T⁻¹(PS), R2).

An attacker cannot then successfully attack the common secret GS, since the latter is protected on the insecure platform P by the transformation T and on the security controller Sec by the secure memory.

Furthermore, an attacker cannot successfully attack the algorithm A1, since the latter is protected by the white-box methods on the insecure platform P and by the secure memory on the security controller Sec.

An attacker cannot successfully attack the common secret PS either, since the latter is protected on the insecure platform P by the transformation T and on the security controller Sec by the secure memory.

An attacker cannot successfully attack the algorithm A2 either, since the latter is protected by the white-box methods on the insecure platform P and by the secure memory on the security controller Sec.

Furthermore, an attacker cannot successfully attack the communication keys KE and KA since the latter, as described above, are transient due to the regular key update and the insecure platform P is adequately protected with anti-debugging measures in order to prevent a fast extraction of the communication keys KE, KA from the memory of the insecure platform P. The communication keys KE, KA are protected on the security controller Sec by the secure memory.

Although the invention has been illustrated and described in detail by means of the preferred example embodiment, the invention is not limited by the disclosed examples and other variations can be derived herefrom by the person skilled in the art without exceeding the protective scope of the invention. 

1. A method for secure communication between a first network unit (Sec) and a second network unit (P) in a communication network, wherein the first network unit (Sec) comprises at least one secure hardware component (HK) for the secure storage and secure running of software, and wherein the second network unit (P) comprises at least one secure software component (SK) for the secure storage and secure running of software, with the steps: a) storage of a first common secret (GS), a first algorithm (A1) and a second algorithm (A2) on the first network unit (Sec) using the secure hardware component (HK) and on the second network unit (P) using the secure software component (SK); b) transmission of a first datum (SD) from the second network unit (P) to the first network unit (Sec); c) running of the first algorithm (A1) on the first network unit (Sec) using the secure hardware component (HK) and on the second network unit (P) using the secure software component (SK) for the respective provision of a second common secret (PS), wherein the input for the first algorithm (A1) is formed in each case by the first common secret (GS) and the first datum (SD); d) transmission of a second datum (R) from the first network unit (Sec) to the second network unit (P); e) running of the second algorithm (A2) on the first network unit (Sec) using the secure hardware component (HK) and on the second network unit (P) using the secure software component (SK) for the respective provision of a third common secret (KE, KA), wherein the input for the second algorithm (A2) is formed in each case by the second common secret (PS) and the second datum (R); and f) use of the third common secret (KE, KA) by the first network unit (Sec) and the second network unit (P) for a secure communication between the first network unit (Sec) and the second network unit (P).
 2. The method as claimed in claim 1, characterized in that a repetition of steps d) and e) is carried out for an update of the third common secret (KE, KA) according to a predefinable rule.
 3. The method as claimed in claim 2, characterized in that the first network unit (Sec) refuses a further communication with the second network unit (P) if the updating of the third common secret (KE, KA) due according to the predefinable rule does not take place.
 4. The method as claimed in claim 2 or 3, characterized in that the predefinable rule comprises a trigger, wherein the trigger is activated by the expiry of a predefinable time period.
 5. The method as claimed in claim 2 or 3, characterized in that the predefinable rule comprises a trigger, wherein the trigger is activated by a reaching of a predefinable data volume exchanged between the first network unit (Sec) and the second network unit (P).
 6. The method as claimed in claim 2 or 3, characterized in that the predefinable rule comprises a trigger, wherein the trigger is activated after each use of the third common secret (KA, KE) by the first network unit (Sec) or the second network unit (P).
 7. The method as claimed in one of the preceding claims, characterized in that the first datum (SD) and/or the second datum (R) is a random number, a platform-individual datum or a serial number.
 8. The method as claimed in one of the preceding claims, characterized in that the first common secret (GS) and/or the second common secret (PS) and/or the third common secret (KE, KA) are formed by two communication keys (KE, KA), wherein the two communication keys (KE, KA) comprise a confidentiality key (KE) and an authenticity key (KA).
 9. The method as claimed in one of the preceding claims, characterized in that the second network unit (P) is a universal computer.
 10. The method as claimed in one of the preceding claims, characterized in that the secure hardware component (HK) is formed by a security module protected against unauthorized access.
 11. The method as claimed in one of the preceding claims, characterized in that the secure software component (SK) is formed by code obfuscation, white-box cryptography and/or measures to protect against debugging attacks.
 12. The method as claimed in one of the preceding claims, characterized in that the first network unit (Sec) is designed as a security controller.
 13. The method as claimed in claim 12, characterized in that the security controller (Sec) is designed as a passive component.
 14. A computer program product which instigates the performance of at least one step of the method as claimed in one of claims 1 to
 13. 15. An arrangement (1) with a first network unit (Sec) and a second network unit (P) in a communication network, wherein the first network unit (Sec) comprises at least one secure hardware component (HK) for the secure storage and secure running of software, and wherein the second network unit (P) comprises at least one secure software component (SK) for the secure storage and secure running of software, wherein a) the secure hardware component (HK) is configured for the secure storage of a first common secret (GS), a first algorithm (A1) and a second algorithm (A2) on the first network unit (Sec) and the secure software component (SK) is configured for the secure storage of the first common secret (GS), the first algorithm (A1) and the second algorithm (A2) on the second network unit (P); b) a first transmit means (S1) is configured for the transmission of a first datum (SD) from the second network unit (P) to the first network unit (Sec); c) the secure hardware component (HK) is configured for the secure running of the first algorithm (A1) on the first network unit (Sec) and the secure software component (SK) is configured for the secure running of the first algorithm (A1) on the second network unit (P) for the respective provision of a second common secret (PS), wherein the input for the first algorithm (A1) is formed in each case by the first common secret (GS) and the first datum (SD); d) a second transmit means (S2) is configured for the transmission of a second datum (R) from the first network unit (Sec) to the second network unit (P); e) the secure hardware component is configured for the secure running of the second algorithm (A2) on the first network unit (Sec) and the secure software component (SK) is configured for the secure running of the second algorithm (A2) on the second network unit (P) for the respective provision of a third common secret (KE, KA), wherein the input for the second algorithm (A2) is formed in each case by the second common secret (PS) and the second datum (R); f) communication means (K1, K2) are configured for the use of the third common secret (KE, KA) by the first network unit (Sec) and the second network unit (P) for a secure communication between the first network unit (Sec) and the second network unit (P). 